please move this stuff into DNS
Posted Dec 26, 2008 3:36 UTC (Fri) by TRS-80
In reply to: please move this stuff into DNS
Parent article: SSL man-in-the-middle attacks
The point isn't how easy/lazy it is, the point is to avoid having to trust (now apparently) untrustworthy CAs. Maintaining your own CA (is that what you mean by signing certificate?) might be OK if you're the only user, but asking other people to install your CA is a right pain, and then you have to worry about keeping the CA secure, plus all the regular PKIX hassles of updating certs etc.